This is a very important point. Several months ago I saw the first case of a web site using the Mozilla/Firefox XPI method for software installation to try to install a wicked toolbar of some sort. A window popped up saying "Such-and-such site wants you to install this..." The naive user that just clicks OK on every warning/message/error dialog would now have spyware installed, just as if IE had been in use.
I know that the mozilla org people are at work on solving this, with whitelists or trust lists or something similar. But just because Firefox hasn't quite been targeted yet doesn't mean it won't.
By the way, the particular site in question was one of those cracks/keygne sites like cracks.am or keygen.us. Search for your favorite software at astalavista.box.sk and follow some of the download links if you want to experience this first-hand.
The real problem with Sealand is that its sovreign nation status has not been seriously questioned or debated by anyone because it's not worth anyone's time. If you seriously pissed off a large multinational corporation through the use of HavenCo you can bet that Britain and the rest of the world would take a moment to reexamine the situation and conclude that it's not a nation at all... What the hell are they supposed to do when a boat full of SWAT-style law enforcement goons with automatic weapons show up demanding to take the servers' hard drives for a criminal investigation, and claiming that Sealand is just a part of Britain? "Nuh-uh, we're sovreign! Go away! You can't make me! Ouch, stop with the handcuffs! You're hurting me! Ooowwwie!"
If you think that copyright law is something unique to the US go look up the Berne Treaty. You can barely find a semi-industrialized country that is not a signatory of this treaty, which grants basic copyright protections. Copying the textbook is illegial in most every country on this planet. Let's just stop with all this "I don't know (country) law so I'll pretend it doesn't matter" BS.
There have been third party AIM/MSN/ICQ clients for years, such as Gaim, Miranda, and Trillian. If the rest of the world shared the same gripe about the crappy UI that the author of this article had, then wouldn't you expect use of those programs to dwarf use of the "official" clients? Yet I'd be surprised if their use registers in the double-digits percentage wise.
This article is one of the more logically inconsistent and poorly thought out ones I've seen posted to slashdot in a long time. The author starts out with a screed about how bad the official AIM client is. He then uses that to suggest that the protocol needs to be changed to Jabber. Hello? Someone doesn't understand the difference between the CLIENT implementation and the PROTOCOL implementation. You can use Trillian to AIM/ICQ/MSN/YIM all day long with none of the ridiculous complaints the author has. "Oh no, an ad and large toolbar buttons!" Christ, get a different client. But don't condemn the whole protocol because of a bad implementation. If by some stroke of magic Jabber became popular, you can bet the big boys would make a Jabber client with ads and games and stupid toolbars also.
The author then goes on to make some ill-formed conclusion that somehow Google would have anything to do with this. The fact is that these days the IM field is pretty mature, and there are already too many large players. Yet another company asking users to switch to another IM program is going to be a hard sell. People have been offering new protocols like Jabber for years, as well as replacement clients like Trillian for existing protocols -- and yet everyone still uses the crappy mainline versions with ads and distractions and bloat. When it comes to software and web companies, it's really hard to get much bigger than Microsoft/MSN, Yahoo, and AOL. They have the marketing budget and mindspace to get people to run their clients. Google may be big but it's not a deity, it cannot expect to cause everyone to switch without resorting to underhand tactics like installing its software without permission or making deals to bundle it with Windows. I don't see how Google would have any chance of doing anything about the IM landscape.
The google spider doesn't care what port is in the URL. It's not like it's doing port-scans of machines randomly looking for web servers. All it cares about is that the URL is linked in a document somewhere. That's the whole point of Uniform Resource Locator, after all. If you have a document served on the normal port 80 it will never be indexed by Google unless it's referenced from some other page on the web. Likewise a document on a nonstandard port will be indexed just like any other as long as there's at least one page that links to it.
It's funny, you neglected to make your URL into a link (and hence it had a stray space inserted into it by slashcode, making it invalid for lazy copy-and-pasters) yet for some reason you felt the need to manually add "[slashdot.org]" in your post, which is automatically added by slashcode for all links, not something that you need to type. If it were user-supplied data it would completely defeat the purpose, which is to identify the domain of the link for all the idiots that can't hover over the link and look in the status bar and are ultra-paranoid about clicking on goatse.cx man accidently.
I don't know why the parent was marked a troll because its a valid question.
The reason is that most win32 users would scoff at the notion of keeping Sun's bloated pig of a JVM loaded all the time for something fairly simple like a tray mail notifier. It's like saying, "Hey, check out my neat new gmail indicator! Only 50MB runtime!" That's the reason for the troll moderation.
shouldn't we just leave the networks open and have secure computers? what's the problem with having a wide open network if you've got your computer all patched up and are encrypting your e-mail, etc?
The problem is that the current model of dealing with network abuse requires that there be a traceable party accountable for what happens with the connection. Currently the only way to deal with abuse such as spam, warez, DoS attacks, etc. is to send a LART to the person listed as responsible for that netspace, and hope that they find some way to find the actual responsible party and put an end to the abuse. If everyone left their AP wide open, this model would fall apart and there'd be no way to deal with abuse. It's not just about "computer security" in the sense that you should harden your computer against being vulnerable. At the end of the day somebody has to be responsible for the actions of each netblock. The system was designed that way, owing back to its origin as a bunch of cooperating research entities. If you were to redesign the system today you might be able to change that assumption, but currently that's the basic theory that makes the entire net work, that there is someone responsible should something break or if abuse is detected.
The problem is that "secure by default" (as practiced by e.g. OpenBSD) results in more suport calls for the manufacturer. They figured a long time ago that by shipping it with everything disabled that could possibly interfere with it it working right out of the box, that they'd both have happier customers and fewer support issues. I'm sure most manufacturers of WIFI gear would like all networks to be at least moderately secure. But taking steps to do that would hurt their bottom line, so they pass the buck. "It's the consumer's responsibility to secure his network, don't look at us."
I'm sure there's a some economic theory about situations like this, where on the face of it there is no good financial argument for doing something but there's a very compelling social and/or technological one. Tragedy of the commons perhaps.
Have you ever actually read an AUP/TOS from *any* ISP *anywhere*? Contractually, you are responsible for whatever happens with the connection. Period. Now, your point of view is more from the standpoint of the legal side of the issue. In that very limited sense I agree: If someone used your open WIFI network to sell child porn, you personally would probably not be charged with distribution of child pornography. But you most likely *would* be charged with criminal negligence, contribution to the delinquincy of a minor, or some other crime related to purposefully setting up the circumstances under which someone else is assisted in commiting a crime.
But *contractually* speaking it's you and only you. That means you could be fined or have your connection terminated, among other things, based solely on the actions of others, even if you had no knowledge or participation of their actions. Read those contracts.
Not only that, but it's a logical fallacy to not include the resources required to manufacture the two things being compared. Fabs to make digital ICs use all sorts of nasty chemicals.
For example, suppose that it takes 5 'units' to manufacture a regular optical camera and 1 'unit' per roll of film to process. (Here a "unit" is just a figure of speech, let it represent whatever you're comparing, e.g. amount of detrimental environmental impact.) Compare to the digital camera whose environmental cost might be, say, 0.5 'units' per set of images printed. On the face of it, it seems like the digital one requires less resources, but what if it takes 20 'units' to manufacture the digital one because of all the dozens of processing steps necessary to make those wonderful modern CMOS chips? Unless it's re-used 'n' times it's more of an environmental detriment than the optical one, where 'n' is whatever break-even point.
Now obviously that's quite a contrived example, but really my point was you can't just look at the thing and say "processing digital images doesn't use nasty chemicals, therefore it's better for the environment." You have to take into account all of the resources required to manufacture and dispose of the item, among other things. As the parent points out, batteries are an especially nasty example of something with a high "hidden" environmental cost of disposal.
Fine, then you'd better not complain when sites come up with elaborate schemes that try to force you to download advertisement images before it will allow you to download the content. If you thought todays ads were bad just imagine what the landscape will be like in a few years. After all, it's their server's bandwidth and if they want to require you to download an ad first then it's their right.
See how this line of reasoning is meaningless? Besides, who pays for bandwidth by the byte, really? The vast majority of common home web surfers have some kind of flat-rate connection, either dialup or *DSL/cable broadband. Yes I realize that "real" transit is sold by the 95th percentile, yadda yadda yadda, but if you're talking about a "real" connection then you likely don't give a shit about silly banner ads, you have much larger sources of bandwidth to deal with.
Someone should post that link to Eben Moglen explaining why no company has ever tried to attack the GPL in court... (except SCO of course) Basically he explains that in almost all cases of GPL-violations the violator would have to be totally nuts to try the case in court, and that in almost every instance it's much easier to settle the dispute some other way. The fact that it had never made it to court is a strength not a weakness.
OR, you could get a $30 hardware NAT gateway and forget about all that bullshit.
There's no need to jump through all those damn hoops. You can connect the system with no software firewall and no service pack without any fear of anything while you download updates and install the system. I don't see why in the world anyone would try to do it otherwise.
nd when he got some code from me and my colleques to put it in his library, comments usually vanished.
Good god, he removed the comments? Why on earth... "This looks like pretty good code you've got here, but these pesky comments are just taking up too much disk space and don't actually do anything. Better remove them... there."
Looks like someone rushed to make a post and get a high rating without reading the story links. "unconfirmed reports" are confirmed in the damn article by MS, with complete details. Reading is FUNdamental.
Why in god's name was this modded insightful? If anything, he was being facetious. "Just reinstall it" is the cry of the ignorant, the equivalent of throwing your arms up in the air when something happens rather than fixing it. I can't fathom why people do this. Take some time and learn something about your system and you wouldn't be stuck wiping your hard drive every two months.
Besides, in this context it's totally wrong. Reinstalling windows will not remove all the hotfix uninstall directories, unless you were not to run Windows Update after the new install. You could achieve the same effect by simply uninstalling all of the fixes. In either case you'd be running a terribly vulnerable system. If installing a service pack does indeed remove the files then just do that, don't bother reinstalling everything.
I think the logic goes something like, "Whatever we do is legitimate because we're a Corporation and we are Respectable Busisnessmen; those dirty Free Software hippies on the other hand are the work of Satan and must be stopped or they'll ruin Capitalism."
So just set Tbird to not delete mail from the POP server after retrieving it. Then you can pop your mail with both Tbird and your regular client. If you don't like Tbird just stop using it and go back to your old client, you won't have lost anything.
So Sony Entertainment told them to make an incomprehensible and shitty user interface and crappy PC software? Sorry, but I don't see a relation. True, they influenced the ATRAC3-only nature. But the article makes it quite clear that one of the biggest problems (if not _the_ biggest) is the terrible UI and software.
Why not use Cygwin? It "fixes" the Win32 behavior you speak of and gives you back the unix/posix environment on windows. Of course it also means your code is touched by the GPL fairy, so if it's not free software then it could be a problem.
I groan every time I use some web "application" that involves submitting a form and waiting 3 to 10 seconds between each step. It's a ridiculous way of making something interactive. Even the best hacks (such as Gmail which uses a pile of javascript and DHTML to make things seem instantaneous) take excrutiating amounts of coding and testing and still fall prey to the "submit and wait for a whole new page" thing for some parts.
HTTP is great for static pages, but anything remotely interactive would benefit from some kind of persistent connection without scripting hacks.
Slashdot Mirror
This is a very important point. Several months ago I saw the first case of a web site using the Mozilla/Firefox XPI method for software installation to try to install a wicked toolbar of some sort. A window popped up saying "Such-and-such site wants you to install this..." The naive user that just clicks OK on every warning/message/error dialog would now have spyware installed, just as if IE had been in use.
I know that the mozilla org people are at work on solving this, with whitelists or trust lists or something similar. But just because Firefox hasn't quite been targeted yet doesn't mean it won't.
By the way, the particular site in question was one of those cracks/keygne sites like cracks.am or keygen.us. Search for your favorite software at astalavista.box.sk and follow some of the download links if you want to experience this first-hand.
The real problem with Sealand is that its sovreign nation status has not been seriously questioned or debated by anyone because it's not worth anyone's time. If you seriously pissed off a large multinational corporation through the use of HavenCo you can bet that Britain and the rest of the world would take a moment to reexamine the situation and conclude that it's not a nation at all... What the hell are they supposed to do when a boat full of SWAT-style law enforcement goons with automatic weapons show up demanding to take the servers' hard drives for a criminal investigation, and claiming that Sealand is just a part of Britain? "Nuh-uh, we're sovreign! Go away! You can't make me! Ouch, stop with the handcuffs! You're hurting me! Ooowwwie!"
If you think that copyright law is something unique to the US go look up the Berne Treaty. You can barely find a semi-industrialized country that is not a signatory of this treaty, which grants basic copyright protections. Copying the textbook is illegial in most every country on this planet. Let's just stop with all this "I don't know (country) law so I'll pretend it doesn't matter" BS.
There have been third party AIM/MSN/ICQ clients for years, such as Gaim, Miranda, and Trillian. If the rest of the world shared the same gripe about the crappy UI that the author of this article had, then wouldn't you expect use of those programs to dwarf use of the "official" clients? Yet I'd be surprised if their use registers in the double-digits percentage wise.
This article is one of the more logically inconsistent and poorly thought out ones I've seen posted to slashdot in a long time. The author starts out with a screed about how bad the official AIM client is. He then uses that to suggest that the protocol needs to be changed to Jabber. Hello? Someone doesn't understand the difference between the CLIENT implementation and the PROTOCOL implementation. You can use Trillian to AIM/ICQ/MSN/YIM all day long with none of the ridiculous complaints the author has. "Oh no, an ad and large toolbar buttons!" Christ, get a different client. But don't condemn the whole protocol because of a bad implementation. If by some stroke of magic Jabber became popular, you can bet the big boys would make a Jabber client with ads and games and stupid toolbars also.
The author then goes on to make some ill-formed conclusion that somehow Google would have anything to do with this. The fact is that these days the IM field is pretty mature, and there are already too many large players. Yet another company asking users to switch to another IM program is going to be a hard sell. People have been offering new protocols like Jabber for years, as well as replacement clients like Trillian for existing protocols -- and yet everyone still uses the crappy mainline versions with ads and distractions and bloat. When it comes to software and web companies, it's really hard to get much bigger than Microsoft/MSN, Yahoo, and AOL. They have the marketing budget and mindspace to get people to run their clients. Google may be big but it's not a deity, it cannot expect to cause everyone to switch without resorting to underhand tactics like installing its software without permission or making deals to bundle it with Windows. I don't see how Google would have any chance of doing anything about the IM landscape.
The google spider doesn't care what port is in the URL. It's not like it's doing port-scans of machines randomly looking for web servers. All it cares about is that the URL is linked in a document somewhere. That's the whole point of Uniform Resource Locator, after all. If you have a document served on the normal port 80 it will never be indexed by Google unless it's referenced from some other page on the web. Likewise a document on a nonstandard port will be indexed just like any other as long as there's at least one page that links to it.
How about an actual fucking link that you can click on.
It's funny, you neglected to make your URL into a link (and hence it had a stray space inserted into it by slashcode, making it invalid for lazy copy-and-pasters) yet for some reason you felt the need to manually add "[slashdot.org]" in your post, which is automatically added by slashcode for all links, not something that you need to type. If it were user-supplied data it would completely defeat the purpose, which is to identify the domain of the link for all the idiots that can't hover over the link and look in the status bar and are ultra-paranoid about clicking on goatse.cx man accidently.
I don't know why the parent was marked a troll because its a valid question.
The reason is that most win32 users would scoff at the notion of keeping Sun's bloated pig of a JVM loaded all the time for something fairly simple like a tray mail notifier. It's like saying, "Hey, check out my neat new gmail indicator! Only 50MB runtime!" That's the reason for the troll moderation.
You laugh now... but just wait till the kiddiez start trading their warez via DNS TXT records. Yeah, just you wait and see. :-)
shouldn't we just leave the networks open and have secure computers? what's the problem with having a wide open network if you've got your computer all patched up and are encrypting your e-mail, etc?
The problem is that the current model of dealing with network abuse requires that there be a traceable party accountable for what happens with the connection. Currently the only way to deal with abuse such as spam, warez, DoS attacks, etc. is to send a LART to the person listed as responsible for that netspace, and hope that they find some way to find the actual responsible party and put an end to the abuse. If everyone left their AP wide open, this model would fall apart and there'd be no way to deal with abuse. It's not just about "computer security" in the sense that you should harden your computer against being vulnerable. At the end of the day somebody has to be responsible for the actions of each netblock. The system was designed that way, owing back to its origin as a bunch of cooperating research entities. If you were to redesign the system today you might be able to change that assumption, but currently that's the basic theory that makes the entire net work, that there is someone responsible should something break or if abuse is detected.
The problem is that "secure by default" (as practiced by e.g. OpenBSD) results in more suport calls for the manufacturer. They figured a long time ago that by shipping it with everything disabled that could possibly interfere with it it working right out of the box, that they'd both have happier customers and fewer support issues. I'm sure most manufacturers of WIFI gear would like all networks to be at least moderately secure. But taking steps to do that would hurt their bottom line, so they pass the buck. "It's the consumer's responsibility to secure his network, don't look at us."
I'm sure there's a some economic theory about situations like this, where on the face of it there is no good financial argument for doing something but there's a very compelling social and/or technological one. Tragedy of the commons perhaps.
A minor nitpick: It's not "the show belonging to a person named Simpson", it's the plural Simpsons without an apostrophe.
Have you ever actually read an AUP/TOS from *any* ISP *anywhere*? Contractually, you are responsible for whatever happens with the connection. Period. Now, your point of view is more from the standpoint of the legal side of the issue. In that very limited sense I agree: If someone used your open WIFI network to sell child porn, you personally would probably not be charged with distribution of child pornography. But you most likely *would* be charged with criminal negligence, contribution to the delinquincy of a minor, or some other crime related to purposefully setting up the circumstances under which someone else is assisted in commiting a crime.
But *contractually* speaking it's you and only you. That means you could be fined or have your connection terminated, among other things, based solely on the actions of others, even if you had no knowledge or participation of their actions. Read those contracts.
Not only that, but it's a logical fallacy to not include the resources required to manufacture the two things being compared. Fabs to make digital ICs use all sorts of nasty chemicals.
For example, suppose that it takes 5 'units' to manufacture a regular optical camera and 1 'unit' per roll of film to process. (Here a "unit" is just a figure of speech, let it represent whatever you're comparing, e.g. amount of detrimental environmental impact.) Compare to the digital camera whose environmental cost might be, say, 0.5 'units' per set of images printed. On the face of it, it seems like the digital one requires less resources, but what if it takes 20 'units' to manufacture the digital one because of all the dozens of processing steps necessary to make those wonderful modern CMOS chips? Unless it's re-used 'n' times it's more of an environmental detriment than the optical one, where 'n' is whatever break-even point.
Now obviously that's quite a contrived example, but really my point was you can't just look at the thing and say "processing digital images doesn't use nasty chemicals, therefore it's better for the environment." You have to take into account all of the resources required to manufacture and dispose of the item, among other things. As the parent points out, batteries are an especially nasty example of something with a high "hidden" environmental cost of disposal.
Fine, then you'd better not complain when sites come up with elaborate schemes that try to force you to download advertisement images before it will allow you to download the content. If you thought todays ads were bad just imagine what the landscape will be like in a few years. After all, it's their server's bandwidth and if they want to require you to download an ad first then it's their right.
See how this line of reasoning is meaningless? Besides, who pays for bandwidth by the byte, really? The vast majority of common home web surfers have some kind of flat-rate connection, either dialup or *DSL/cable broadband. Yes I realize that "real" transit is sold by the 95th percentile, yadda yadda yadda, but if you're talking about a "real" connection then you likely don't give a shit about silly banner ads, you have much larger sources of bandwidth to deal with.
Someone should post that link to Eben Moglen explaining why no company has ever tried to attack the GPL in court... (except SCO of course) Basically he explains that in almost all cases of GPL-violations the violator would have to be totally nuts to try the case in court, and that in almost every instance it's much easier to settle the dispute some other way. The fact that it had never made it to court is a strength not a weakness.
OR, you could get a $30 hardware NAT gateway and forget about all that bullshit.
There's no need to jump through all those damn hoops. You can connect the system with no software firewall and no service pack without any fear of anything while you download updates and install the system. I don't see why in the world anyone would try to do it otherwise.
nd when he got some code from me and my colleques to put it in his library, comments usually vanished.
Good god, he removed the comments? Why on earth... "This looks like pretty good code you've got here, but these pesky comments are just taking up too much disk space and don't actually do anything. Better remove them... there."
Looks like someone rushed to make a post and get a high rating without reading the story links. "unconfirmed reports" are confirmed in the damn article by MS, with complete details. Reading is FUNdamental.
Why in god's name was this modded insightful? If anything, he was being facetious. "Just reinstall it" is the cry of the ignorant, the equivalent of throwing your arms up in the air when something happens rather than fixing it. I can't fathom why people do this. Take some time and learn something about your system and you wouldn't be stuck wiping your hard drive every two months.
Besides, in this context it's totally wrong. Reinstalling windows will not remove all the hotfix uninstall directories, unless you were not to run Windows Update after the new install. You could achieve the same effect by simply uninstalling all of the fixes. In either case you'd be running a terribly vulnerable system. If installing a service pack does indeed remove the files then just do that, don't bother reinstalling everything.
I think the logic goes something like, "Whatever we do is legitimate because we're a Corporation and we are Respectable Busisnessmen; those dirty Free Software hippies on the other hand are the work of Satan and must be stopped or they'll ruin Capitalism."
Yes, it was fixed some time around 1-July-2004. See http://www.cygwin.com/ml/cygwin/2004-07/msg00015.h tml. Try a snapshot if you want to test this.
So just set Tbird to not delete mail from the POP server after retrieving it. Then you can pop your mail with both Tbird and your regular client. If you don't like Tbird just stop using it and go back to your old client, you won't have lost anything.
So Sony Entertainment told them to make an incomprehensible and shitty user interface and crappy PC software? Sorry, but I don't see a relation. True, they influenced the ATRAC3-only nature. But the article makes it quite clear that one of the biggest problems (if not _the_ biggest) is the terrible UI and software.
Why not use Cygwin? It "fixes" the Win32 behavior you speak of and gives you back the unix/posix environment on windows. Of course it also means your code is touched by the GPL fairy, so if it's not free software then it could be a problem.
Mod parent up.
I groan every time I use some web "application" that involves submitting a form and waiting 3 to 10 seconds between each step. It's a ridiculous way of making something interactive. Even the best hacks (such as Gmail which uses a pile of javascript and DHTML to make things seem instantaneous) take excrutiating amounts of coding and testing and still fall prey to the "submit and wait for a whole new page" thing for some parts.
HTTP is great for static pages, but anything remotely interactive would benefit from some kind of persistent connection without scripting hacks.